Changelog — ClariSpec

v4.4.1 2026-03-26

perf VPS upgrade (6 vCPU / 12 GB RAM / 100 GB): all infrastructure configs tuned for new resources
perf Uvicorn workers 8→12: 50% more request handling capacity
perf AI semaphore 12→24: 2× more concurrent AI analyses
perf Background workers 4→8: faster job processing, queue 100→200
perf DB pool 15→30: doubled connection capacity for peak traffic
perf Export concurrency doubled: PDF 2→4, DOCX 3→6, PPTX 3→6
perf Rate limit 120→200/min: higher throughput per IP
perf Log retention extended: 90 days journald, 12 rotations logrotate

v4.4.0 2026-03-24

feat Streaming as default: all 47 modules now use real-time SSE streaming — eliminates timeout errors on long AI calls
sec Deep QA: 259 bugs fixed across 6 rounds (R5-R10) — authorization defense-in-depth, path traversal protection, XSS prevention, CSRF hardening
sec Module restriction enforcement: module_restricted_html() on all 50 route files — free-tier bypass eliminated
fix Payment webhooks: hmac.HMAC() fix — webhook verification now works (was silently failing)
fix Cache invalidation: user monthly limits update immediately after each analysis (no 60s stale window)
perf Read replica routing: all SELECT queries use read pool — reduces primary DB load
feat Pre-launch scripts: smoke test, backup, and monitoring scripts added
fix CSP headers: all CDN origins included — HTMX/DOMPurify/highlight.js load correctly
fix Audio uploads: 2MB body limit now exempts transcript module (allows 25MB audio files)

v4.3.1 2026-03-23

fix Polar.sh checkout: corrected API endpoint and request format — checkout flow now works end-to-end
fix Webhook signature verification: strip whsec_ prefix before decoding — subscription upgrades now process correctly after payment
fix Async checkout: switched from sync to async HTTP client — eliminates event loop blocking and timeouts
fix Auth redirect flow: next parameter now preserved through login/register — users land on billing page after signup from pricing
fix Pricing page links: upgrade buttons now route through registration for logged-out users
fix Feature comparison table: Free plan limit: 3 analyses/month

v4.2.0 2026-03-23

feat Risk Register rewrite: 64 to 200+ lines — EMV, Monte Carlo, risk velocity, residual risk, interdependency diagram
feat BRD/Documentation rewrite: standalone prompt (was alias), 15 sections, IEEE 29148, Mermaid scope diagram
feat LLD enhanced: deployment view + security architecture (auth flow, authorization matrix, data classification)
feat Smart traceability: 10 key modules now have specific upstream/downstream recommendations (not generic)
feat Transcript enhanced: multi-language support, participant identification, LOW CONFIDENCE flagging
fix Hardcoded dates removed: Gantt templates now use relative dates

v4.1.0 2026-03-23

feat Cross-Module Traceability: all 50 modules now output upstream references and recommended next steps
feat Process Transformation rewrite: 6 to 13 sections (Lean, DMAIC, Gantt, automation assessment)
feat Process Architecture rewrite: 5 to 11 sections (APQC PCF, CMMI, Porter's Value Chain)
feat Diagram enhanced: Use Case and Class Diagram prompts upgraded with quality directives
perf Module quality average: 9.2/10 — 9 modules at perfect 10/10

v4.0.0 2026-03-23

feat 3-tier pricing: Free ($0, 3/mo, 5 modules) / Basic ($19/mo, 30/mo, all modules) / Pro ($49/mo, unlimited)
feat Module restrictions: Free tier limited to 5 highest-value modules
feat Export tiers: Free=Markdown, Basic=+PDF/DOCX/CSV, Pro=+PPTX/JSON/Jira
feat USD pricing: international pricing in US dollars across all pages
fix Updated: LP, pricing page, FAQ, help center, emails, blog, concept docs

v3.5.0 2026-03-23

feat Polar.sh billing: checkout, webhook handler, customer portal, billing page
feat Subscription management: auto upgrade/downgrade on payment events
feat Billing sidebar: upgrade prompt for free users, billing link in account

v3.4.0 2026-03-22

feat Blog: 5 SEO-optimized BA articles at /blog with JSON-LD structured data
fix Project isolation: users no longer see other users' projects

v3.3.0 2026-03-22

perf Workers 4 to 8: doubled HTTP throughput
perf AI semaphore 15 to 20: more concurrent AI calls
perf Background workers 2 to 4: faster job processing
perf Jinja2 bytecode cache: faster template rendering
perf Static file caching: 1-year immutable Cache-Control
perf Health endpoint cached: 10s in-memory cache
perf Gzip threshold 1000 to 256: more responses compressed
perf Memory limit 2G to 3G: headroom for 8 workers

v3.2.0 2026-03-22

feat Google OAuth 2.0: "Continue with Google" on login and register pages
sec OAuth security: CSRF state via SessionMiddleware, automatic user linking by email

v3.1.0 2026-03-22

feat AI Memory v2: learns from thumbs up/down, tracks preferred modules, writing style preference
feat Slack webhook format: rich Block Kit messages for Slack integrations
perf Redis AI cache: shared response cache across workers (1h TTL)
perf DB pool optimization: increased pool sizes (5-15 primary, 3-10 replica)
sec Security hardening: explicit Jinja2 autoescape, HSTS preload, Permissions-Policy, session rotation
sec Redis rate limiting: IP rate limit shared across workers (replaces in-memory dict)
feat Dependency scanning: pip-audit in CI pipeline
feat JSON log aggregation: structured logging to app.json.log

v3.0.0 2026-03-22

feat Help Center: /help with Getting Started guides, module docs, API quickstart
feat FAQ page: /faq with 15+ frequently asked questions
feat Auto-generated module docs: documentation for all 34+ modules
feat API examples: Swagger enriched with request/response examples
feat Architecture docs: tech stack, DB schema, deployment topology
feat CI/CD pipeline: GitHub Actions with pytest, coverage, Bandit security scan
feat Test expansion: API schema tests, performance baseline, accessibility, 21 e2e flows
feat Test plan: comprehensive test strategy document

v2.9.0 2026-03-22

feat Design system: CSS design tokens (colors, spacing, typography, shadows)
feat Light theme: proper light mode with system preference detection
feat Global search (Cmd+K): search modules, history, and projects from anywhere
feat Interactive demo: try ClariSpec without registration at /demo
feat Template unification: shared public header/footer across all public pages
feat Micro-interactions: button animations, sidebar hover, result fade-in
feat Responsive tables: horizontal scroll on mobile for wide tables
feat Enhanced breadcrumbs: project context in navigation path

v2.8.0 2026-03-22

sec Stability audit v8: 59 issues fixed (7 CRITICAL, 13 HIGH) + re-audit clean
sec XSS hardening: result|tojson pattern, stored XSS filters, DOM XSS fixes
fix SQL fix: RETURNING COUNT(*) → RETURNING id, bookmark filter in SQL
fix Route conflict: /docs renamed to /documentation (Swagger stays at /docs)

v2.7.0 2026-03-22

feat Feedback system: "Report an issue" and "Request a feature" with admin management panel
feat Admin Panel: dedicated sidebar section (admin-only) with Dashboard, Feedback, Revenue, API Keys, Webhooks
feat Changelog updated: all versions v1.8.0–v2.6.0 added to changelog page
fix Sidebar reorganization: cleaner separation of Tools, Account, and Admin sections

v2.6.0 2026-03-22

sec Stability audit v7: 113 issues fixed (13 CRITICAL, 26 HIGH, 42 MEDIUM, 32 LOW)
sec XSS fixes: html.escape on 48 routes, reset token, error messages, innerHTML→textContent
sec CSRF: exact origin matching (no more endswith bypass)
sec SSRF: internal IP blocklist on URL import
sec GDPR: complete cascade delete across 13 user tables
fix i18n race condition: async-safe contextvars translator
fix Circuit breaker: thread-safe with Lock

v2.5.0 2026-03-22

feat Real-time collaboration: see who's viewing the same analysis ("N others viewing")
feat Markdown editor toolbar: 12 formatting buttons with live preview
perf Async AI streaming: native httpx async (no more thread pool bridge)
sec Encryption at rest: opt-in Fernet field-level encryption
feat Database read replica: configurable READ_DATABASE_URL
feat 6 test suites: API contracts, load testing, chaos, visual regression, security, concurrency

v2.4.0 2026-03-22

feat REST API: POST /api/v1/analyze, GET /modules, GET /history (Bearer token auth)
feat i18n: PL/EN language switcher with translated sidebar
feat Comments & annotations on analysis results
feat A/B test prompts: side-by-side comparison with voting
feat Background job queue: asyncio workers for fire-and-forget tasks
feat Module quiz on landing page — 3 questions → recommendation

v2.3.0 2026-03-22

feat Webhook system: HMAC-signed notifications on analysis complete
feat AI memory: user preferences (language, instructions, industry) persist across sessions
feat Scheduled analyses: cron-like daily/weekly auto-run
feat Prompt library sharing: share custom templates with community
feat Content hub: 5 BA template pages as lead magnets
feat Email drip campaign: Day 1/3/7/14 automated onboarding
feat Industry compliance packs: 8 industries (banking, healthcare, insurance, etc.)
sec WCAG 2.1 AA: skip-link, ARIA, contrast ratios

v2.2.0 2026-03-22

feat API Spec Generator: OpenAPI 3.0 module
feat Import: Word .docx, CSV, context from URL
feat Export: PPTX (PowerPoint) export
feat AI module recommendation: smart search with keyword matching
feat Onboarding tour: interactive 4-step walkthrough
feat Custom prompt templates: save, share, reuse across analyses
feat Industry-specific prompts: banking, healthcare, manufacturing, etc.
feat Coupon/promo codes with admin management

v2.1.0 2026-03-22

feat JSON export, PDF theme toggle, retry on error
feat Session management: view and revoke active sessions
feat API key auth: generate Bearer tokens for API access
feat GDPR: delete account + download my data
feat Audit trail: who did what, when
feat User analytics: /app/my-stats ("hours saved")
feat Examples gallery, help tooltips, refund policy, newsletter signup
feat Quality score badge on analysis results
sec Circuit breaker, CSP header, per-IP rate limiting

v2.0.0 2026-03-22

feat Chain-of-thought toggle, loading skeletons, compact dashboard mode
feat Expert Discussion chat persistence (localStorage)
feat Swagger/OpenAPI docs at /docs and /redoc
perf CORS middleware, graceful shutdown, enhanced print CSS

v1.9.0 2026-03-22

feat 3 new modules: PESTLE, Change Management, Data Flow Diagram
feat Analysis tags, recently used modules, editable titles, D&D files
feat Temperature control, token usage display, thumbs up/down
feat History pagination (20/page)
sec Per-user rate limiting (10/min via Redis), per-user projects

v1.8.0 2026-03-22

feat 7 new modules: Customer Journey Map, Acceptance Criteria, Business Case, SWOT, NFR Spec, Decision Log, Value Stream Map
feat Analysis bookmarks, auto-save drafts, sidebar persistence, relative dates
feat Changelog page, social proof metrics, SAFe/LeSS/ITIL4 in system prompt

v1.7.0 2026-03-22

sec Stability audit v6: 37 issues fixed — thread-safe client, async-safe cleanup, CSRF middleware

v1.6.0 2026-03-15

feat Workflow Chains: chain multiple modules together in automated sequences
feat Project Context AI: project-aware analysis with shared context
feat Expert Discussion: chat with domain experts across 16 industries
feat Deep Research: comprehensive research reports with citations

v1.5.0 2026-03-01

feat Landing page marketing optimization
sec Security audit: 32 issues fixed across 4 audit rounds
perf Redis caching for analytics and project queries

v1.4.0 2026-02-20

feat Batch Processing: run multiple analyses in parallel
feat Compare Versions: side-by-side diff of analysis versions
feat Admin Analytics dashboard with usage charts
feat Keyboard shortcuts (Cmd+Enter, Cmd+K, ?, etc.)

v1.3.0 2026-02-10

feat Streaming output: see results as they generate in real-time
feat Follow-up questions: refine any analysis result
feat Architecture modules: HLD, LLD, Package Diagram
feat XMI Import/Export for Enterprise Architect integration

v1.2.0 2026-01-28

feat Sharing: generate public links for analyses
feat Versioning: save and compare versions of results
feat Approval workflow: draft/pending/approved/rejected statuses
feat Full-text search across all analyses

v1.1.0 2026-01-15

feat 15 new modules: Risk Register, BMM, TOM, Domain Model, Business Rules, and more
feat Project management: group analyses by project
feat Dark/light theme toggle
perf Lazy-loaded Mermaid for faster page loads

v1.0.0 2026-01-01

feat Initial release with 25+ modules across 6 groups
feat Core modules: Transcript, BRD, Diagrams, Test Cases, Gap Analysis, Glossary
feat User auth with bcrypt, session management, free tier limits
feat Mermaid diagram rendering in browser
feat PDF, DOCX, Markdown export

ClariSpec Changelog